
package com.ml.mall.config;

import com.google.common.collect.Maps;
import com.ml.mall.filter.JwtFilter;
import com.ml.mall.filter.SystemLogoutFilter;
import com.ml.mall.security.ApiRealm;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;


/**
 * @author kyyang
 * @version 1.0
 * @description: TODO
 * @date 2020/12/28 20:22
 */

@Configuration
public class ShiroConfig {
    @Bean("securityManager")
    public DefaultWebSecurityManager getManager(ApiRealm realm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // 使用自己的realm
        manager.setRealm(realm);


        /*
         * 关闭shiro自带的session，详情见文档
         * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
         */

        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
        manager.setSubjectDAO(subjectDAO);

        return manager;
    }

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();

        // 添加自己的过滤器并且取名为jwt
        Map<String, Filter> filterMap = Maps.newHashMap();
        filterMap.put("jwt", new JwtFilter());
        factoryBean.setFilters(filterMap);

        filterMap.put("logout", new SystemLogoutFilter());
        factoryBean.setSecurityManager(securityManager);
        factoryBean.setUnauthorizedUrl("/401");


        /*
         * 自定义url规则
         * http://shiro.apache.org/web.html#urls-
         * 这里最好用LinkedHashMap,否则可能回出现anon配置无效的情况
         */


        Map<String, String> filterRuleMap = new LinkedHashMap<String, String>();
        // 所有请求通过我们自己的JWT Filter
        //swagger资源不拦截
        filterRuleMap.put("/dealer/applay", "anon");
        filterRuleMap.put("/swagger-ui.html", "anon");
        filterRuleMap.put("/swagger**", "anon");
        filterRuleMap.put("/v2/**", "anon");
        filterRuleMap.put("/webjars/**", "anon");
        filterRuleMap.put("/swagger-resources/**", "anon");
        filterRuleMap.put("/configuration/security", "anon");
        filterRuleMap.put("/configuration/ui", "anon");

        filterRuleMap.put("/file/download", "anon");
        filterRuleMap.put("/file/getImgStream", "anon");
        filterRuleMap.put("/file/getImgBase64", "anon");


        filterRuleMap.put("/ipay88/callback", "anon");    //支付回调
        filterRuleMap.put("/ipay88/response_url", "anon"); //支付回调
        filterRuleMap.put("/analytics/health/check", "anon");    //健康检查
        filterRuleMap.put("/auth/health/check", "anon");    //健康检查
        filterRuleMap.put("/dim/health/check", "anon");    //健康检查
        filterRuleMap.put("/order/health/check", "anon");    //健康检查
        filterRuleMap.put("/product/health/check", "anon");    //健康检查
        filterRuleMap.put("/shopping/health/check", "anon");    //健康检查


        //filterRuleMap.put("/test/**", "anon");


        //druid监控地址不拦截
        filterRuleMap.put("/druid/**", "anon");
        //登录登出不拦截
        filterRuleMap.put("/user/login", "anon");
        filterRuleMap.put("/user/forgetPasswdEmail", "anon");
        filterRuleMap.put("/user/forgetPasswd", "anon");
        filterRuleMap.put("/logout", "logout");
        //H5前端不拦截
        filterRuleMap.put("/offcialsite/**", "anon");
        // 访问401和404页面不通过我们的Filter
        filterRuleMap.put("/401", "anon");

        // 忘记密码生成验证码
        filterRuleMap.put("/user/forget_pwd/send_code","anon");
        //用户邮件重置密码
        filterRuleMap.put("/user/repwd_by_code", "anon");
        // 忘记密码发送邮箱
        filterRuleMap.put("/sys/forgetPwd","anon");
        // 重置密码访问地址
        filterRuleMap.put("/sys/mail/rePwd","anon");
        // 验证经销商注册
        filterRuleMap.put("/dealer/verify/mail","anon");
        //邮箱中重置密码
        filterRuleMap.put("/user/reset/password","anon");

        // 放行图片
        filterRuleMap.put("/images/**","anon");


        /*=================最新放行接口==================*/
        //放行公司邮件检测
        filterRuleMap.put("/company/email/verify","anon");
        // 放行上传图片接口
        filterRuleMap.put("/file/uploadFile","anon");
        // 放行登录界面公司注册接口
        filterRuleMap.put("/company/register", "anon");
        filterRuleMap.put("/company/getImage", "anon");
        filterRuleMap.put("/company/getverfy", "anon");
        //产业放行
        filterRuleMap.put("/industry/query_page", "anon");
        filterRuleMap.put("/**", "jwt");
        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
        return factoryBean;
    }


    /**
     * 下面的代码是添加注解支持
     */

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        // 强制使用cglib，防止重复代理和可能引起代理出错的问题
        // https://zhuanlan.zhihu.com/p/29161098
        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
        return defaultAdvisorAutoProxyCreator;
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}

